Closed code423n4 closed 2 years ago
WatchPug
https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L79-L86
function removeOperator(bytes32 operator) external override onlyOwner { uint256 i = 0; while (operators[i] != operator) { i++; } require(i > 0, "NestedFactory::removeOperator: Cant remove non-existent operator"); delete operators[i]; }
Unable to delete operator at index 0 because it will revet at L84.
operator
Change to:
function removeOperator(bytes32 operator) external override onlyOwner { uint256 length = operators.length; for (uint256 i = 0; i < length; i++) { if (operators[i] == operator) { delete operators[i]; return; } } revert("NestedFactory::removeOperator: Cant remove non-existent operator"); }
Duplicated : #58
Taking #220 instead
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L79-L86
Unable to delete
operator
at index 0 because it will revet at L84.Recommendation
Change to: